Alex,
These are most likely round trip time (RTT) latency
tests from an F5 3DNS load balancer. I describe
traffic like this in a paper at http://bejtlich.net
called "Interpreting Network Traffic." This traffic is
bothersome but not malicious. You can ignore it. I
recognize the Exodus source IPs from last year, also.
Richard
-----
> I have a nameserver that also acts as a gateway, and I see these weird
> scans. They seem to have started yesterday, but the thing I do not
> understand is why are they directed to the external interface, on
> which I have no name service.
>
[snip]
> They are both UDP and TCP, so I also suspect zone transfer attempts.
>
> Here are the logs, times GMT+0300, ntp stratum 3 synchronised:
>
> Sep 4 20:00:11 ns ipmon[254]: 20:00:10.664287 ed0 @0:20 b 200.211.187.194,3400 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:13:32 ns ipmon[254]: 20:13:32.402648 ed0 @0:20 b 209.67.42.162,2200 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:13:32 ns ipmon[254]: 20:13:32.404608 ed0 @0:20 b 209.67.42.162,2201 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:13:32 ns ipmon[254]: 20:13:32.405572 ed0 @0:20 b 209.67.42.162,2202 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:22:42 ns ipmon[254]: 20:22:41.308808 ed0 @0:20 b 209.67.42.162,2100 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:22:42 ns ipmon[254]: 20:22:41.309599 ed0 @0:20 b 209.67.42.162,2101 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:27:37 ns ipmon[254]: 20:27:37.283549 ed0 @0:20 b 209.67.42.162,3700 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:27:37 ns ipmon[254]: 20:27:37.284494 ed0 @0:20 b 209.67.42.162,3701 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
> Sep 4 20:27:37 ns ipmon[254]: 20:27:37.287349 ed0 @0:20 b 209.67.42.162,3702 ->
[snip]
> ------------+------------------------------------------
> Alex Popa, |There never was a good war or a bad peace
> razor_at_ldc.ro| -- B. Franklin
> ------------+------------------------------------------
Received on Sep 06 2000
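
An added example, not part of either message in this thread: a small parser that groups the eight complete ipmon lines quoted above into per-source bursts, which makes the clusters of SYNs to port 53 from consecutive source ports, a few milliseconds apart, easy to see when triaging a log like this one. The function names and the 1-second burst gap are assumptions of this example.

```python
import re
from collections import defaultdict

# The eight complete ipmon lines from the quoted message, one entry per line.
SAMPLE = """\
Sep 4 20:00:11 ns ipmon[254]: 20:00:10.664287 ed0 @0:20 b 200.211.187.194,3400 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:13:32 ns ipmon[254]: 20:13:32.402648 ed0 @0:20 b 209.67.42.162,2200 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:13:32 ns ipmon[254]: 20:13:32.404608 ed0 @0:20 b 209.67.42.162,2201 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:13:32 ns ipmon[254]: 20:13:32.405572 ed0 @0:20 b 209.67.42.162,2202 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:22:42 ns ipmon[254]: 20:22:41.308808 ed0 @0:20 b 209.67.42.162,2100 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:22:42 ns ipmon[254]: 20:22:41.309599 ed0 @0:20 b 209.67.42.162,2101 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:27:37 ns ipmon[254]: 20:27:37.283549 ed0 @0:20 b 209.67.42.162,3700 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
Sep 4 20:27:37 ns ipmon[254]: 20:27:37.284494 ed0 @0:20 b 209.67.42.162,3701 -> 192.129.3.227,53 PR tcp len 20 26624 -S IN
"""

# Matches TCP entries with a flags field only; UDP entries are not handled here.
LINE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+)\s+\S+\s+@\S+\s+\w\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+tcp\s.*\s-\w+\s+IN"
)

def parse(text):
    """Yield (seconds_since_midnight, src, sport, dport) for each matching line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:  # uses ipmon's own timestamp; midnight rollover is not handled
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            yield t, m["src"], int(m["sport"]), int(m["dport"])

def summarize(text, gap=1.0):
    """Group packets per (src, dport) into bursts split by more than `gap` seconds."""
    runs = defaultdict(list)
    for t, src, sport, dport in sorted(parse(text)):
        bursts = runs[(src, dport)]
        if bursts and t - bursts[-1][-1][0] <= gap:
            bursts[-1].append((t, sport))
        else:
            bursts.append([(t, sport)])
    rows = []
    for (src, dport), bursts in runs.items():
        for burst in bursts:
            ports = [p for _, p in burst]
            seq = len(ports) > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:]))
            span_ms = round((burst[-1][0] - burst[0][0]) * 1000, 3)
            rows.append({"src": src, "dport": dport, "ports": ports,
                         "span_ms": span_ms, "sequential_ports": seq})
    return rows
```

Calling `summarize(SAMPLE)` returns one row per burst; the truncated ninth log line is left out of the sample because its destination is not shown in the message.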